Currently, the CertificateSelection function calls the schemeValidForKey function, which checks if the signature type (RSA_PKCS1, RSA_PSS, or ECDSA) is correct for the given key, but does not check if the underlying group is correct for the signature algorithm in the ECDSA case. This causes the function to sometimes output a signature algorithm incompatible with the chosen certificate.
I propose to add the following check inside schemeValidForKey:
func schemeValidForKey(alg SignatureScheme, key crypto.Signer) bool {
...
case *ecdsa.PrivateKey:
// proposed check
if curveFromNamedGroup(curveMap[alg]) != key.Public().(*ecdsa.PublicKey).Curve {
return false
}
...
If you agree, I will submit a PR with this change.
@chris-wood
Currently, the
CertificateSelectionfunction calls theschemeValidForKeyfunction, which checks if the signature type (RSA_PKCS1, RSA_PSS, or ECDSA) is correct for the given key, but does not check if the underlying group is correct for the signature algorithm in the ECDSA case. This causes the function to sometimes output a signature algorithm incompatible with the chosen certificate.I propose to add the following check inside
schemeValidForKey:If you agree, I will submit a PR with this change.
@chris-wood